If I could please have these quickly addressed, I'd be most grateful. Thank you!


1. Configuration.php file is publicly acessible, where should I store it?

2. PHP Directive
allow_url_fopen allow_url_fopen is On.
allow_url_include allow_url_include is On.
open_basedir open_basedir is not used.
disable_functions disable_functions is missing the following: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
((I checked and these are not on within the file and I have the php.ini files, plus I followed the given advice and put in Admin as well))

3. Scanning your files Error! Cannot open folder /home!
Scanning your files for common malware Error! Cannot open folder /home!

4. Test malware file went undetected. Other security extension found the malicious code right away.

1. Moving your configuration.php outside public_html
2. If the php.ini values haven't changed, then it means they didn't take effect. Please keep in mind that it's not RSFirewall! that reads php.ini files, it's your hosting environment. The recommendations we're giving are enough for most hosting providers, but if your hosting provider does not allow the reading of local php.ini files you should contact them instead.
3 & 4. The malware files were not detected because the scanning didn't took place at all. As the message states, a folder could not be opened (due to permissions error or something else). Please submit a ticket so that we can have a look.